[tor-bugs] #32156 [- Select a component]: NSS Internal PKCS#11 Module out of date in TOR 8.5.5 causing invalid certificate RSS failures
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Oct 18 20:35:46 UTC 2019
#32156: NSS Internal PKCS#11 Module out of date in TOR 8.5.5 causing invalid
certificate RSS failures
------------------------------+--------------------------------------
Reporter: cypherpunks | Owner: (none)
Type: defect | Status: new
Priority: Medium | Component: - Select a component
Version: Tor: unspecified | Severity: Normal
Keywords: PKCS RSS | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------+--------------------------------------
TOR 8.5.5 is based on Mozilla Firefox 60.9.0esr (32-bit)
The latest version of NON-TOR (64 bit windows) Firefox is Ver 69.0.3
The PKCS#11 Module included with the TOR version of firefox is now out of
date.
The version of PKCS #11 used by the latest version of Firefox is 3.45
The version reported by TOR is 3.36
This newer version of PKCS #11 includes the many Cert issuers in it's list
of trusted authorities that the current Tor version of Firefox DOES NOT.
This leads to users experiencing security errors when trying to access
properly configured sites with valid certs under TOR that work properly
for them outside the TOR system:
====<error message>====
Your connection is not secure
The owner of "sitename.com" has configured their website improperly. To
protect your information from being stolen, Tor Browser has not connected
to this website.
=======================
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32156>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list